2 require ("result.inc");
// Default for the halt-on-error flag. connect() overwrites it on every call
// with its $halt_on_error argument, and exception() reads it to decide
// whether to terminate the script with die().
19 var $_halt_on_error = true;
// Presumably a PHP 4-style constructor (method named after its class); the
// class line itself is not visible in this listing, so confirm.
// All four parameters default to the DB_* constants. The visible lines only
// copy $database and $password into properties; lines elided from this
// listing may do more.
// NOTE(review): the plaintext password stays on the object for its whole
// lifetime, so any dump, log or serialization of the object exposes it.
// Confirm it is still needed once the connection is open.
22 function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
23 $this->Database=$database;
24 $this->Password=$password;
// Zero-argument function with the same name as the one above. PHP does not
// allow two methods of one name in a class, so one of the two is presumably
// commented out or belongs to another class - not visible here, TODO confirm.
// Connects immediately with the DB_* constants.
29 function CLASS_DATABASE() {
30 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
// Opens the MySQL connection when none is held, then selects $database.
//   $url, $user, $password  passed to mysql_connect()
//   $database               passed to mysql_select_db()
//   $halt_on_error          stored in $this->_halt_on_error, read by exception()
// Both failure paths are reported through exception().
// NOTE(review): the mysql_* extension was removed in PHP 7.0, so this code
// only runs on PHP 5.x or older. mysqli and PDO are the maintained
// replacements and provide prepared statements.
33 function connect($url,$user,$password,$database, $halt_on_error = true) {
35 $this->_halt_on_error = $halt_on_error;
// Connect only when no link is held yet.
36 if ($this->_linkId == false) {
37 $this->_linkId=mysql_connect($url, $user, $password);
38 if ($this->_linkId == false) {
// The message is Slovak slang, roughly "the database died". It is a runtime
// string and is shown to the client by exception().
39 $error='chcipla databaza';
40 $this->exception($error);
44 // mysql_query('set character set utf8');
// NOTE(review): keeps the plaintext password on the object after connecting.
48 $this->_password=$password;
50 if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
51 $this->exception("1Database failed.");
55 $this->_database=$database;
// Closes the connection held in $this->_linkId. The visible line does not
// reset the handle afterwards.
61 function closeMysql() {
62 mysql_close($this->_linkId);
// Runs $sql on the current link and returns a `result` object built from the
// query handle and the SQL text.
// $sql reaches mysql_query() exactly as passed in: nothing in the visible
// lines escapes or parameterizes it, so every caller is responsible for the
// values it concatenates into the string.
66 function query($sql) {
// Reconnect path; the condition guarding it is on a line elided from this listing.
68 $this->_linkId = false;
69 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
72 // Simple IDS against automated tools.
73 // When a possible attack is detected,
74 // the query & session information is stored in the log.
75 // Looks for the following strings in the SQL query:
76 // - "user()" (get cur. user)
77 // - "@@version" (get mysql version)
78 // - "AND 1=1" (blind sqli) (too many false positives?)
79 // - "information_schema" (for listing of tables, columns...)
81 // - "/*" (comment) (too many false positives?)
82 // - "--" (comment) (too many false positives?)
// NOTE(review): this is a tripwire, not a control. The visible patterns are
// literal and case-sensitive (no `i` modifier) although MySQL keywords are
// case-insensitive, so a quiet log is weak evidence. The alarm only logs:
// no visible line stops the query from running (lines elided here may,
// TODO confirm). The logged text is the full SQL, which can contain user
// data, so the log needs the same protection as the database.
// The rest of the condition, possibly with the comment patterns listed
// above, is on a line not shown in this listing.
84 if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
85 || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
87 logger::log('SQL ALARM',$sql);
91 $this->_queryId = mysql_query($sql,$this->_linkId);
// Debug mode: writes the elapsed time into the page. $timer_start is set on a
// line not shown here.
93 if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
96 echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
99 if ($this->_queryId == false) {
// NOTE(review): the full SQL text is embedded in the message, and exception()
// echoes that message into the response, disclosing query structure.
100 $this->exception("query failed ::$sql::");
103 return new result($this->_queryId, $sql);
// Alias for query(): passes $sql through and returns query()'s result unchanged.
107 function executequery($sql) { //same as query()!
108 return($this->query($sql));
// Runs each SQL string in $queries between "set autocommit=0" and "commit",
// then switches autocommit back on. In the visible lines a non-array argument
// yields an empty transaction.
// NOTE(review): no rollback is visible. A failing statement is reported by
// query() through exception(), which only stops the script when
// _halt_on_error is true. With halting off, the remaining statements and the
// commit would presumably still run - confirm against the elided lines.
111 function executetransaction($queries) {
112 $this->executequery("set autocommit=0");
113 if (is_array($queries)) {
114 foreach ($queries as $query) {
115 $this->executequery($query);
118 $this->executequery("commit");
119 $this->executequery("set autocommit=1");
// Alias for update(): passes $sql through and returns update()'s result unchanged.
122 function executeupdate($sql) {
123 return($this->update($sql));
// Executes a statement with mysql_db_query() against $this->_database and
// reads the affected-row count into $rows. The return statement is on a line
// not shown in this listing; presumably $rows is returned.
// NOTE(review): the pattern check and 'SQL ALARM' logging in query() are not
// applied on this path in the visible lines, so write statements are not
// covered by that detection. $sql is also sent as-is, without escaping or
// parameterization. mysql_db_query() has been deprecated since PHP 5.3.
127 function update($sql) {
// First update on this object: drop the link and reconnect with the DB_*
// constants, then remember that this has been done.
128 if (!$this->Master) {
129 $this->_linkId = false;
130 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
131 $this->Master = true;
// '@' suppresses PHP warnings; failure is detected from the false return below.
134 $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
135 if ($this->_queryId == false) {
136 $this->exception("update failed.");
138 $rows=@mysql_affected_rows($this->_linkId);
// Returns mysql_insert_id() for the current link. '@' suppresses any warning,
// so a missing or closed link is not reported here.
142 function getLastInsertId() {
143 return(@mysql_insert_id($this->_linkId));
// Error reporter called by connect(), query() and update(). Despite the name,
// nothing is thrown: it echoes the driver error text and number, then either
// ends the script with die() or echoes the message and lets execution continue
// (the branch structure between the last two lines is not shown).
// NOTE(review): mysql_error() output and $errorMessage go into the response
// body unescaped. query() puts the full SQL text into $errorMessage, so a
// failed query discloses schema and query detail to any client, and SQL built
// from request data is reflected as HTML. Safer: log the detail server-side,
// show a generic message, and pass anything displayed through htmlspecialchars().
146 function exception($errorMessage) { //Internal only!
149 echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
152 if ($this->_halt_on_error) {
153 die("<pre>".$errorMessage."</pre>");
155 echo $errorMessage."<br>";